Bugtraq mailing list archives
Re: LD_ hole (was Re: IFS hole?)
From: howie () ivory cc columbia edu (Howie Kaye)
Date: Wed, 15 Dec 93 19:17:26 EST
This depends on the real uid being different from the effective uid. If your program does something like "setuid(geteuid())", then you lose this protection. If you then run another program, it will be running as root, and won't look like a suid'ed program, just something running as root. It will then look at the LD_LIBRARY_PATH. -----------------------------Howie Kaye howie () columbia edu Columbia University hlkcu@cuvma.bitnet AcIS UNIX Systems Group ...!rutgers!columbia!howie
Current thread:
- LD_ hole (was Re: IFS hole?) Michael Neuman (Dec 15)
- Re: LD_ hole (was Re: IFS hole?) smb () research att com (Dec 15)
- Re: LD_ hole (was Re: IFS hole?) Rik Harris (Dec 15)
- The LD_* vars (was Re: LD_ hole) Justin Mason (Dec 16)
- <Possible follow-ups>
- Re: LD_ hole (was Re: IFS hole?) Howie Kaye (Dec 15)